13.15. Preventing SQL Injection Attacks

Problem

You want to harden your code against SQL injection attacks,
whether in DBI or ActiveRecord code.

Solution

With both ActiveRecord and DBI applications, build your SQL with question marks
at the positions where variable values would otherwise be interpolated into the string.
Pass the variables along with the SQL to DatabaseHandle#execute, and the database
will make sure the values are properly quoted before they reach the query.
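As an added example (not code from the recipe itself), here is the injectable string-interpolation form beside the placeholder-and-bind-values form the recipe recommends. The `bind_params` helper is a stand-in that imitates the quoting a DBI driver or ActiveRecord performs for `?` placeholders, not the libraries' own code, and `users`/`name` are assumed table and column names.

```ruby
# Vulnerable: the untrusted value is pasted straight into the SQL text,
# so a quote character inside it changes the structure of the query.
def query_by_interpolation(username)
  "SELECT * FROM users WHERE name = '#{username}'"
end

# Hardened: the SQL carries a "?" placeholder and the value travels separately.
# With DBI you would hand exactly these two pieces to the database handle:
#   dbh.execute("SELECT * FROM users WHERE name = ?", username)
# and with ActiveRecord:
#   User.find(:all, :conditions => ["name = ?", username])
def query_with_placeholder(username)
  ["SELECT * FROM users WHERE name = ?", [username]]
end

# Stand-in for the driver's quoting (assumption, for illustration only):
# each bind value is escaped (single quotes doubled) and wrapped in quotes
# before it replaces a "?". A real driver does this work for you.
def bind_params(sql, values)
  remaining = values.dup
  bound = sql.gsub("?") do
    raise ArgumentError, "more placeholders than bind values" if remaining.empty?
    v = remaining.shift
    case v
    when nil     then "NULL"
    when Numeric then v.to_s
    else              "'" + v.to_s.gsub("'", "''") + "'"
    end
  end
  raise ArgumentError, "unused bind values" unless remaining.empty?
  bound
end

# Constructed hostile input: a stray quote followed by an always-true clause.
HOSTILE_NAME = "bob' OR '1'='1"

# Returns [interpolated_sql, bound_sql] so the two forms can be compared.
def demo
  insecure = query_by_interpolation(HOSTILE_NAME)
  sql, binds = query_with_placeholder(HOSTILE_NAME)
  [insecure, bind_params(sql, binds)]
end
```

In the interpolated version the quote ends the literal and the rest becomes part of the WHERE clause; in the bound version the whole input stays a single quoted value.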